Add code from real production environment
[cacert-boardvoting.git] / motion.php
index 536de03..2dec354 100644 (file)
        <body>
                <?php
                if ($_REQUEST['action'] == "store") {
-                       $stmt = $db->getStatement("create decision");
-                       $stmt->bindParam(":proponent",$user['id']);
-                       $stmt->bindParam(":title",$_POST['title']);
-                       $stmt->bindParam(":content",$_POST['content']);
-                       $stmt->bindParam(":votetype",$_POST['votetype']);
-                       $stmt->bindParam(":due",$_POST['due']);
-                       if ($stmt->execute()) {
-                               ?>
-                               <b>The motion has been proposed!</b><br/>
-                               <a href="motions.php">Back to motions</a><br/>
-                               <br/>
-                               <br/>
-                               <?php
-                               $decision = $db->getStatement("get new decision")->execute()?$db->getStatement("get new decision")->fetch():array();
-                               $name = $user['name'];
-                               $tag = $decision['tag'];
-                               $title = $decision['title'];
-                               $content =$decision['content'];
-                               $due = $decision['due']." UTC";
-                               $votetype = !$decision['votetype'] ? 'motion' : 'veto';
-                               $baseurl = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT'].preg_replace('/motion\.php/','',$_SERVER['REQUEST_URI']);
-                               $voteurl = $baseurl."vote.php?motion=".$decision['id'];
-                               $unvoted = $baseurl."motions.php?unvoted=1";
-                               $body = <<<BODY
+                       if (is_numeric($_REQUEST['motion'])) {
+                               $stmt = $db->getStatement("update decision");
+                               $stmt->bindParam(":id",$_POST['motion']);
+                               $stmt->bindParam(":proponent",$user['id']);
+                               $stmt->bindParam(":title",$_POST['title']);
+                               $stmt->bindParam(":content",$_POST['content']);
+                               $stmt->bindParam(":due",$_POST['due']);
+                               $stmt->bindParam(":votetype",$_POST['votetype']);
+                               if ($stmt->execute()) {
+                                       ?>
+                                       <b>The motion has been proposed!</b><br/>
+                                       <a href="motions.php">Back to motions</a><br/>
+                                       <br/>
+                                       <br/>
+                                       <?php
+                                       $decision = $db->getStatement("get decision")->execute(array($_POST['motion']))?$db->getStatement("get decision")->fetch():array();
+                                       $name = $user['name'];
+                                       $tag = $decision['tag'];
+                                       $title = $decision['title'];
+                                       $content =$decision['content'];
+                                       $due = $decision['due']." UTC";
+                                       $votetype = !$decision['votetype'] ? 'motion' : 'veto';
+                                       $baseurl = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT'].preg_replace('/motion\.php/','',$_SERVER['REQUEST_URI']);
+                                       $voteurl = $baseurl."vote.php?motion=".$decision['id'];
+                                       $unvoted = $baseurl."motions.php?unvoted=1";
+                                       $body = <<<BODY
+Dear Board,
+
+$name has modified motion $tag to the following:
+
+$title
+$content
+
+Vote type: $votetype
+
+To vote please choose:
+
+Aye: $voteurl&vote=1
+Naye: $voteurl&vote=-1
+Abstain: $voteurl&vote=0
+
+Please be aware, that if you have voted already your vote is still registered and valid.
+If this modification has an impact on how you wish to vote, you are responsible for voting
+again.
+
+To see all your outstanding votes : $unvoted
+
+Kind regards,
+the voting system
+BODY;
+                                       $db->notify("Re: $tag - $title - modified",$body,$tag);
+                               } else {
+                                       ?>
+                                       <b>The motion has NOT been proposed!</b><br/>
+                                       <a href="motions.php">Back to motions</a><br/>
+                                       <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i><br/>
+                                       <br/>
+                                       <br/>
+                                       <?php
+                               }
+                       } else {
+                               $stmt = $db->getStatement("create decision");
+                               $stmt->bindParam(":proponent",$user['id']);
+                               $stmt->bindParam(":title",$_POST['title']);
+                               $stmt->bindParam(":content",$_POST['content']);
+                               $stmt->bindParam(":votetype",$_POST['votetype']);
+                               $stmt->bindParam(":due",$_POST['due']);
+                               if ($stmt->execute()) {
+                                       ?>
+                                       <b>The motion has been proposed!</b><br/>
+                                       <a href="motions.php">Back to motions</a><br/>
+                                       <br/>
+                                       <br/>
+                                       <?php
+                                       $decision = $db->getStatement("get new decision")->execute()?$db->getStatement("get new decision")->fetch():array();
+                                       $name = $user['name'];
+                                       $tag = $decision['tag'];
+                                       $title = $decision['title'];
+                                       $content =$decision['content'];
+                                       $due = $decision['due']." UTC";
+                                       $votetype = !$decision['votetype'] ? 'motion' : 'veto';
+                                       $baseurl = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT'].preg_replace('/motion\.php/','',$_SERVER['REQUEST_URI']);
+                                       $voteurl = $baseurl."vote.php?motion=".$decision['id'];
+                                       $unvoted = $baseurl."motions.php?unvoted=1";
+                                       $body = <<<BODY
 Dear Board,
 
 $name has made the following motion:
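Review bot: The update branch is selected by `is_numeric($_REQUEST['motion'])` but the id it binds and re-reads comes from `$_POST['motion']`, so a request that carries `motion` only in the query string takes this branch with a null id. Nothing visible here checks that the current user may edit that motion or that it is still open for changes, and `execute()` returning true does not mean a row was changed, so the "modified" mail can reach the board for an update that matched nothing; whether the "update decision" statement itself restricts by proponent or status cannot be seen in this diff. I would read the id once with `$motionId = filter_input(INPUT_POST, 'motion', FILTER_VALIDATE_INT);`, branch on `is_int($motionId)`, and call `$db->notify(...)` only when a row was actually affected (for example `$stmt->rowCount() > 0`, if `$stmt` is a PDOStatement). The success text in this branch still reads "has been proposed", which looks copied from the create path. The enclosing `action == "store"` block closes outside this hunk.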
@@ -69,18 +130,19 @@ To see all your outstanding votes : $unvoted
 Kind regards,
 the voting system
 BODY;
-                               $db->notify("$tag - $title",$body,$tag,TRUE);
-                       } else {
-                               ?>
-                               <b>The motion has NOT been proposed!</b><br/>
-                               <a href="motions.php">Back to motions</a><br/>
-                               <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i><br/>
-                               <br/>
-                               <br/>
-                               <?php
+                                       $db->notify("$tag - $title",$body,$tag,TRUE);
+                               } else {
+                                       ?>
+                                       <b>The motion has NOT been proposed!</b><br/>
+                                       <a href="motions.php">Back to motions</a><br/>
+                                       <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i><br/>
+                                       <br/>
+                                       <br/>
+                                       <?php
+                               }
                        }
-               }
                        
+               }
                if (is_numeric($_REQUEST['motion'])) {
                        $stmt = $db->getStatement("get decision");
                        if ($stmt->execute(array($_REQUEST['motion']))) {
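Review bot: The failure branch's `echo join("<br/>\n",$stmt->errorInfo());` writes the raw driver error into the page without escaping, which shows database error details to the browser and may reflect submitted values, such as a rejected `due` or `title`, as markup. The same line also appears in the update branch's failure path earlier in this diff. I would log the error on the server and print a fixed message, or at minimum escape it: `echo nl2br(htmlspecialchars(join("\n", $stmt->errorInfo()), ENT_QUOTES, 'UTF-8'));`.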